Beruflich Dokumente
Kultur Dokumente
Reading: CB, Ch 19
Which group do you think poses the greatest threat? Impact of an event is important but not the events occurrence probability
Rare events may pose more risk!!!
Symmetric Key: use same key to encrypt and decrypt... This is OK if A and B are physically nearby But on the internet, there's a serious problem!! Cypher Text
A Key
Dept. of Computing Science, University of Aberdeen
B ???
6
Above, A (sender) first asks B (receiver) for public key... Then, A can encrypt message with B's public key Rivest, Shamir, Adelman (RSA): slow but unbreakable RSA - Uses massive prime numbers (128-bit keys) PGP Pretty Good Privacy combines DES + RSA
Dept. of Computing Science, University of Aberdeen 7
Digital Signatures
Digital signatures (RSA in reverse):
Establishes authenticity of a document "Hi, this message is in clear text but if anyone changes even a single byte, you will be able to tell that the message is not the original from the digital signature below, signed with my private key. Yours, D. BEGIN SIGNATURE P4`341uy2rl34iut1lf,jbf,KPP98$\%\#!\$"BV!"X# END SIGNATURE
Digital Certificates
Digital Certificates use a trusted third party called a Certificating Authority (CA).
Certificating Authority
CertA
A
CertB
CertA PubA
Trust
CertB PubB B
If A & B both trust CA, then A & B can trust each other Often used to set up secure connections: HTTPS, SSL Once certificates exchanged, can then use RSA etc.
Dept. of Computing Science, University of Aberdeen 9
Firewalls
The Internet Firewall Internal Network ??
Internal Client
Internal Client
DBMS Server
Firewalls block unauthorised external network access Firewalls may limit access to the internet for internal machines
Dept. of Computing Science, University of Aberdeen 10
Internal Network
Bastion Hosts run web services etc. (liable to attack) Routers connect networks... Internal router is main firewall
Dept. of Computing Science, University of Aberdeen 11
Firewall Techniques
Use a proxy server to hide internal network addresses:
22.33.44.55 SE.CR.ET.!! Proxy
General guidelines:
Software firewalls:
Disable all user accounts on all Bastion machines Preferably, run only one type of service on each Bastion machine
Can have all-software firewalls (packet filters) Until MS-Blast virus, Microsoft shipped Windows-XP with firewall off by default!!
Dept. of Computing Science, University of Aberdeen 12
Summary
The best security comes from using multiple techniques:
People - authorisation/authentication . .need-to-know. Physical - protect the hardware, RAID discs, backups Network - use firewalls, encryption Software good programming practice main CS responsibility
Consider the different sources of risk (threats)... Balance the cost of implementing security measures vs cost of any loss!!
13